Add support for passing credentials over host FDs.

Credentials are set up using the sentry PID since sandboxed pids are
nonsense in the host context.

Co-authored-by: Jamie Liu <jamieliu@google.com>
PiperOrigin-RevId: 833990261

Author: 2 people

pkg/sentry/socket/unix/transport/host.go

@@ -164,7 +164,7 @@ func (c *HostConnectedEndpoint) Send(ctx context.Context, data [][]byte, control
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 
-	if !controlMessages.Empty() {
+	if controlMessages.Rights != nil {
 		return 0, false, syserr.ErrInvalidEndpointState
 	}
 
@@ -176,7 +176,7 @@ func (c *HostConnectedEndpoint) Send(ctx context.Context, data [][]byte, control
 	// only as much of the message as fits in the send buffer.
 	truncate := c.stype == linux.SOCK_STREAM
 
-	n, totalLen, err := fdWriteVec(c.fd, data, c.SendMaxQueueSize(), truncate)
+	n, totalLen, err := fdWriteVec(c.fd, data, c.SendMaxQueueSize(), truncate, controlMessages.Credentials != nil)
 	if n < totalLen && err == nil {
 		// The host only returns a short write if it would otherwise
 		// block (and only for stream sockets).
@@ -236,8 +236,7 @@ func (c *HostConnectedEndpoint) Writable() bool {
 
 // Passcred implements ConnectedEndpoint.Passcred.
 func (c *HostConnectedEndpoint) Passcred() bool {
-	// We don't support credential passing for host sockets.
-	return false
+	return passcredsEnabled(c.fd)
 }
 
 // GetLocalAddress implements ConnectedEndpoint.GetLocalAddress.
@@ -269,6 +268,11 @@ func (c *HostConnectedEndpoint) Recv(ctx context.Context, data [][]byte, args Re
 
 	// N.B. Unix sockets don't have a receive buffer, the send buffer
 	// serves both purposes.
+	//
+	// We ignore args.Creds because we don't translate sandbox socket options to
+	// host socket options, so the fd won't have the SO_PASSCRED option set. By
+	// default, the sentry will always return credentials with PID 0 and UID/GID
+	// 65534 (nobody).
 	out := RecvOutput{Source: Address{Addr: c.addr}}
 	var err error
 	var controlLen uint64

pkg/sentry/socket/unix/transport/host_unsafe.go

@@ -15,11 +15,15 @@
 package transport
 
 import (
+	"time"
 	"unsafe"
 
 	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/log"
 )
 
+var usingRootCredsLogger = log.BasicRateLimitedLogger(time.Minute)
+
 // fdReadVec receives from fd to bufs.
 //
 // If the total length of bufs is > maxlen, fdReadVec will do a partial read
@@ -72,9 +76,9 @@ func fdReadVec(fd int, bufs [][]byte, control []byte, peek bool, maxlen int64) (
 
 // fdWriteVec sends from bufs to fd.
 //
-// If the total length of bufs is > maxlen && truncate, fdWriteVec will do a
-// partial write and err will indicate why the message was truncated.
-func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int64, error) {
+// If the total length of bufs is > maxlen && truncate, fdWriteVec will do
+// a partial write and err will indicate why the message was truncated.
+func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool, creds bool) (int64, int64, error) {
 	length, iovecs, intermediate, err := buildIovec(bufs, maxlen, truncate)
 	if err != nil && len(iovecs) == 0 {
 		// No partial write to do, return error immediately.
@@ -92,6 +96,36 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
 		msg.Iovlen = uint64(len(iovecs))
 	}
 
+	if creds {
+		// We can't pass arbitrary application credentials to the host. Pass the
+		// sentry's credentials instead.
+		cmsgSlice := make([]byte, unix.CmsgSpace(unix.SizeofUcred))
+		cmsg := (*unix.Cmsghdr)(unsafe.Pointer(&cmsgSlice[0]))
+		cmsg.Level = unix.SOL_SOCKET
+		cmsg.Type = unix.SCM_CREDENTIALS
+		cmsgLen := unix.CmsgLen(unix.SizeofUcred)
+		cmsg.SetLen(cmsgLen)
+		cmsgData := (*unix.Ucred)(unsafe.Pointer(&cmsgSlice[unix.CmsgLen(0)]))
+		// Collect owner information for fd. Gete(uid|gid) are forbidden by the
+		// sentry's seccomp filters.
+		s := unix.Stat_t{}
+		if err := unix.Fstat(fd, &s); err != nil {
+			return 0, length, err
+		}
+		if s.Uid == 0 || s.Gid == 0 {
+			usingRootCredsLogger.Warningf("gVisor does not support setting UID or GID to root in SCM credentials sent from the sentry")
+			return 0, length, unix.EINVAL
+		}
+		pid, _, err := unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
+		if err != 0 {
+			return 0, length, err
+		}
+		*cmsgData = unix.Ucred{Pid: int32(pid), Uid: s.Uid, Gid: s.Gid}
+
+		msg.Control = &cmsgSlice[0]
+		msg.SetControllen(cmsgLen)
+	}
+
 	n, _, e := unix.RawSyscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(&msg)), unix.MSG_DONTWAIT|unix.MSG_NOSIGNAL)
 	if e != 0 {
 		// N.B. prioritize the syscall error over the buildIovec error.
@@ -100,3 +134,11 @@ func fdWriteVec(fd int, bufs [][]byte, maxlen int64, truncate bool) (int64, int6
 
 	return int64(n), length, err
 }
+
+func passcredsEnabled(fd int) bool {
+	enabled, err := unix.GetsockoptInt(fd, unix.SOL_SOCKET, unix.SO_PASSCRED)
+	if err != nil {
+		return false
+	}
+	return enabled != 0
+}

runsc/boot/filter/config/config_main.go

@@ -105,6 +105,11 @@ var allowedSyscalls = seccomp.MakeSyscallRules(map[uintptr]seccomp.SyscallRule{
 			seccomp.EqualTo(unix.SOL_SOCKET),
 			seccomp.EqualTo(unix.SO_SNDBUF),
 		},
+		seccomp.PerArg{
+			seccomp.AnyValue{},
+			seccomp.EqualTo(unix.SOL_SOCKET),
+			seccomp.EqualTo(unix.SO_PASSCRED),
+		},
 	},
 	unix.SYS_GETTID:       seccomp.MatchAll{},
 	unix.SYS_GETTIMEOFDAY: seccomp.MatchAll{},